McAfee MVISION Cloud

Near Real-Time DLP Scan and Malware Scan for Azure

MVISION Cloud provides Near Real-Time (NRT) DLP and Malware detection capability for Azure blob storage. This feature significantly reduces the time to find new DLP and Malware violations in blob storage by detecting file creation or modification events in almost real-time and evaluating associated DLP and Malware policies.

NRT DLP and Malware Scans for Azure rely on an event subscription for the storage account, which is mapped to the MVISION Cloud webhook. Whenever a blob storage event is generated, Azure sends a notification to the webhook. MVISION Cloud processes the notification and evaluates the appropriate DLP or Malware policies.
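The following added example (not MVISION Cloud code) sketches what a webhook receiver for such an event subscription has to do: answer the Event Grid validation handshake and turn blob events into scan jobs. It assumes the Azure Event Grid event schema and a subscription to Microsoft.Storage.BlobCreated events; the function names and sample payloads are hypothetical and constructed for illustration.

```python
import json

VALIDATION = "Microsoft.EventGrid.SubscriptionValidationEvent"
BLOB_CREATED = "Microsoft.Storage.BlobCreated"  # raised for new and overwritten blobs
PREFIX = "/blobServices/default/containers/"

def parse_blob_subject(subject):
    """Split '<PREFIX><container>/blobs/<path>' into (container, blob path)."""
    if not subject.startswith(PREFIX) or "/blobs/" not in subject:
        raise ValueError("unexpected subject: %r" % subject)
    # Container names cannot contain '/', so the first '/blobs/' is the separator.
    container, blob = subject[len(PREFIX):].split("/blobs/", 1)
    return container, blob

def handle_notification(body):
    """Return (http_response_json, scan_jobs) for one webhook POST body."""
    events = json.loads(body)
    if isinstance(events, dict):      # tolerate a single, unbatched event
        events = [events]
    response, jobs = {}, []
    for ev in events:
        if ev.get("eventType") == VALIDATION:
            # Handshake: echo the code so Azure activates the subscription.
            response = {"validationResponse": ev["data"]["validationCode"]}
        elif ev.get("eventType") == BLOB_CREATED:
            container, blob = parse_blob_subject(ev["subject"])
            jobs.append({"account": ev["topic"].rsplit("/", 1)[-1],
                         "container": container, "blob": blob,
                         "url": ev["data"]["url"]})
        # Other types (e.g. BlobDeleted) have no content to evaluate.
    return response, jobs

# Constructed sample payloads (not captured traffic).
TOPIC = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
         "/providers/Microsoft.Storage/storageAccounts/examplestorage")
SAMPLE_HANDSHAKE = json.dumps([{"eventType": VALIDATION, "topic": TOPIC, "subject": "",
                                "data": {"validationCode": "CONSTRUCTED-CODE"}}])
SAMPLE_EVENTS = json.dumps([
    {"eventType": BLOB_CREATED, "topic": TOPIC,
     "subject": PREFIX + "finance/blobs/reports/2024/q1.xlsx",
     "data": {"url": "https://examplestorage.blob.core.windows.net/finance/reports/2024/q1.xlsx"}},
    {"eventType": "Microsoft.Storage.BlobDeleted", "topic": TOPIC,
     "subject": PREFIX + "finance/blobs/old.txt", "data": {}},
])

if __name__ == "__main__":
    print(handle_notification(SAMPLE_HANDSHAKE))
    print(handle_notification(SAMPLE_EVENTS))
```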

Prerequisites

Configure an Azure instance in MVISION Cloud. For more information, see Enable Microsoft Azure.

Enable NRT DLP and Malware for Azure 

 To enable Near Real-Time DLP and Malware Scans for Azure:

  1. Log in to MVISION Cloud and go to Settings > Service Management.
  2. Select your Microsoft Azure instance and click Setup > Edit.
  3. You are redirected to the Summary page. Under Enabled Features, click Edit.
  4. To enable NRT DLP, select the checkbox Near Real Time.
  5. To view the prerequisite steps to set up NRT DLP, click the link NRT DLP. You are redirected to the current page.

Configure Event Subscriptions

You can configure Event Subscriptions using an ARM template or manually. 

Use the ARM Template

  1. In the Azure Portal, go to Templates.
  2. Select Add.
  3. For General, add a name and description, and click OK.
  4. Download the file update_Storage_account_with_Event_sub.json. Use this template if you want to create event subscriptions for multiple storage accounts.
  5. Copy and paste the contents into the ARM Template page. Then click OK and Add.
  6. Check the result on the ARM Template page.
  7. Deploy the template.
  8. Fill in the required information: 
  9. Accept terms and conditions, then select Purchase.
  10. To make sure everything works, check that events are configured for the intended storage blobs.

Configure Event Subscriptions Manually

  1. In the Azure portal, go to the Storage account that you want to configure. 
  2. Add Event Subscription and provide the required information:
  3. Click Create.

 

Configure DLP and Malware Policies for NRT 

  1. Go to MVISION Cloud and select Policy > DLP Policies.
  2. You can create a new DLP policy or edit an existing one. Then for Services select Microsoft Azure.
  3. Click Save.
  4. You can create a new malware policy or edit an existing one. Go to Policy > Malware Policies and choose a malware policy. You are redirected to the Review and Activate Policy page.
  5. Under Description, click Edit and for Services select Microsoft Azure.
  6. Complete the further steps, and then click Save.
